About Actions

Actions are YAML snippets you can use to enrich the data specified by your workflow's data collection.  Actions are not designed to run by themselves but instead be inserted into your enrichment workflows. 

ThreatQuotient highly recommends reviewing an action's user guide before downloading and installing the action.  See the Integrations section for those guides - both in web and PDF format.  

Quick Notes

• Actions can be download from the ThreatQ Marketplace - https://marketplace.threatq.com . 
• Actions with the term "bundle" in the name contain multiple actions.
• Actions can be installed by uploading the zip file itself to the ThreatQ platform.  

  Refer to the action's user guide for details. Some action zip files contain custom objects that are required to run the action. Those custom objects cannot be installed using the ThreatQ UI installer.

• Actions are automatically enabled upon installation and cannot be disabled.
• The configuration settings set for an action will be applied when inserting it into a workflow.  You can change an action's configuration settings for a specific workflow or the default configuration settings. 

  Updating the default configurations for an action will not update any instances of the action that has already been deployed in a workflow.